[Bug 848215] New: apparmor: dnsmasq can't read var/lib/libvirt/dnsmasq/*.conf
https://bugzilla.novell.com/show_bug.cgi?id=848215
https://bugzilla.novell.com/show_bug.cgi?id=848215#c0

Summary: apparmor: dnsmasq can't read var/lib/libvirt/dnsmasq/*.conf
Classification: openSUSE
Product: openSUSE 13.1
Version: RC 1
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: AppArmor
AssignedTo: suse-beta@cboltz.de
ReportedBy: rhafer@suse.com
QAContact: qa-bugs@suse.de
Found By: ---
Blocker: ---

I get this for the dnsmasq instances started by libvirt with the latest 13.1 packages:

Oct 30 09:05:08 farnsworth dnsmasq[7985]: cannot read /var/lib/libvirt/dnsmasq/default.conf: Permission denied
Oct 30 09:05:08 farnsworth dnsmasq[7985]: FAILED to start up
Oct 30 09:05:08 farnsworth libvirtd[7904]: internal error: Child process (/usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf) unexpected exit status 3: dnsmasq: cannot read /var/lib/libvirt/dnsmasq/default.conf: Permission denied
Oct 30 09:05:08 farnsworth kernel: type=1400 audit(1383120308.396:99): apparmor="DENIED" operation="open" parent=7917 profile="/usr/sbin/dnsmasq" name="/var/lib/libvirt/dnsmasq/default.conf" pid=7985 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

so I guess the dnsmasq profile needs to add read access for /var/lib/libvirt/dnsmasq/*.conf
https://bugzilla.novell.com/show_bug.cgi?id=848215#c1
--- Comment #1 from Ralf Haferkamp
https://bugzilla.novell.com/show_bug.cgi?id=848215#c2
Christian Boltz
https://bugzilla.novell.com/show_bug.cgi?id=848215#c3
--- Comment #3 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=848215#c4
--- Comment #4 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=848215#c5
Ralf Haferkamp
SR 205233 sent with *.conf and *.addnhosts added.

BTW: Are there files in /var/lib/libvirt/dnsmasq/ that should _not_ be readable for dnsmasq? (I'm thinking about allowing read access for /var/lib/libvirt/dnsmasq/* instead of listing one file after the other ;-)

Good question. I'd guess everything that libvirt creates in there is for dnsmasq. So allowing read for * (+ write for the leases files) seems fine.
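The audit record from the original report, turned into candidate profile rules (an added example, not part of the bug thread or of the AppArmor tooling). The names `parse_denial` and `suggest_rules`, the `glob_basename` switch and the second, hex-encoded log record are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Constructed sample input. Record 1 is the denial quoted in the report; record 2
# is made up to show a name containing a space, which audit logs as unquoted hex.
HEX_NAME = "/var/lib/libvirt/dnsmasq/my net.conf".encode().hex().upper()
PREFIX = 'kernel: type=1400 audit(1383120308.396:99): apparmor="DENIED" operation="open" '
SAMPLE_LOG = (
    PREFIX + 'profile="/usr/sbin/dnsmasq" name="/var/lib/libvirt/dnsmasq/default.conf" '
    'pid=7985 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=0\n'
    + PREFIX + f'profile="/usr/sbin/dnsmasq" name={HEX_NAME} '
    'pid=7986 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=0\n'
)

FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')   # key="quoted value" or key=bare
HEX = re.compile(r'(?:[0-9A-Fa-f]{2})+')

def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, or None."""
    if 'apparmor="DENIED"' not in line:
        return None
    rec = {}
    for key, raw, quoted in FIELD.findall(line):
        if raw.startswith('"'):
            rec[key] = quoted
        elif key in ("name", "profile", "comm") and HEX.fullmatch(raw):
            # Untrusted strings with spaces or control characters arrive hex-encoded.
            rec[key] = bytes.fromhex(raw).decode("utf-8", "replace")
        else:
            rec[key] = raw
    return rec

def suggest_rules(log_text, glob_basename=False):
    """Map each profile to sorted candidate file rules for its denials."""
    rules = defaultdict(set)
    for rec in filter(None, map(parse_denial, log_text.splitlines())):
        if not {"profile", "name", "denied_mask"} <= rec.keys():
            continue
        path = PurePosixPath(rec["name"])
        if glob_basename and path.suffix:      # default.conf -> *.conf
            path = path.with_name("*" + path.suffix)
        text = f'"{path}"' if " " in str(path) else str(path)  # quote paths with spaces
        rules[rec["profile"]].add(f"{text} {rec['denied_mask']},")
    return {profile: sorted(r) for profile, r in rules.items()}

if __name__ == "__main__":
    for profile, lines in suggest_rules(SAMPLE_LOG, glob_basename=True).items():
        print(profile, *lines, sep="\n  ")
```

With `glob_basename=False` the output stays at one rule per denied file, which is the narrowest starting point before deciding whether a `*.conf` or `*` glob is acceptable for the directory.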
https://bugzilla.novell.com/show_bug.cgi?id=848215#c6
Christian Boltz
https://bugzilla.novell.com/show_bug.cgi?id=848215#c7
Christian Boltz
https://bugzilla.novell.com/show_bug.cgi?id=848215#c8
--- Comment #8 from James Fehlig
https://bugzilla.novell.com/show_bug.cgi?id=848215#c9
--- Comment #9 from Christian Boltz
https://bugzilla.novell.com/show_bug.cgi?id=848215#c10
Christian Boltz
https://bugzilla.novell.com/show_bug.cgi?id=848215#c11
--- Comment #11 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=848215#c12
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=848215#c13
--- Comment #13 from Swamp Workflow Management
Swamp Workflow Management
Swamp Workflow Management
--- Comment #14 from Swamp Workflow Management
Swamp Workflow Management